Debian alert: New gv packages fix buffer overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 176-1 security@debian.org http://www.debian.org/security/ Martin Schulze October 16th, 2002 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : gv Vulnerability : buffer overflow Problem-Type : remote Debian-specific: no CVE Id : CAN-2002-0838 BugTraq ID : 5808 Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim. This problem has been fixed in version 3.5.8-26.1 for the current stable distribution (woody), in version 3.5.8-17.1 for the old stable distribution (potato) and version 3.5.8-27 for the unstable distribution (sid). We recommend that you upgrade your gv package. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 2.2 alias potato - --------------------------------- Source archives: http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1.dsc Size/MD5 checksum: 555 3aa3cb663f578cbf02c09f370951a814 http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1.diff.gz Size/MD5 checksum: 29382 2e9e7149b69bf36a80632c8b695b6495 http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8.orig.tar.gz Size/MD5 checksum: 369609 8f2f0bd97395d6cea52926ddee736da8 Alpha architecture: http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_alpha.deb Size/MD5 checksum: 278646 b12dd5fef60ff840b3921a511eb28c74 ARM architecture: http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_arm.deb Size/MD5 checksum: 238918 52892bea304128845836b4c9976d39a3 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_i386.deb Size/MD5 checksum: 226416 4f44d7df45cec7b132c1c7c9a6ba84ea Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_m68k.deb Size/MD5 checksum: 217712 2decb437f1a28beac92edb63f3d31444 PowerPC architecture: http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_powerpc.deb Size/MD5 checksum: 244382 cb3bd27b214e391ada83ce0593e16715 Sun Sparc architecture: http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_sparc.deb Size/MD5 checksum: 237878 ba1bdf19f68f62d36c8f58c015867287 Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1.dsc Size/MD5 checksum: 559 e7a2b5dfb91d7217d1b171b24682ea41 http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1.diff.gz Size/MD5 checksum: 18453 f9910a58912e1a6fbaef33ff4fe27b94 http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8.orig.tar.gz Size/MD5 checksum: 369609 8f2f0bd97395d6cea52926ddee736da8 Alpha architecture: http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_alpha.deb Size/MD5 checksum: 273262 6cb8adebf56cc25ef43d1358636dc9ca ARM architecture: http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_arm.deb Size/MD5 checksum: 243382 2707a8a87e133a45cc2a98dd223e7c8f Intel IA-32 architecture: http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_i386.deb Size/MD5 checksum: 226106 304f32b84e6497612222a26c9dc5c1fd Intel IA-64 architecture: http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_ia64.deb Size/MD5 checksum: 313888 522c58c4d2fecb99424533c4980d1409 HP Precision architecture: http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_hppa.deb Size/MD5 checksum: 252054 aa50a00ebb6d5c304ec94bbf1e65a2c9 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_m68k.deb Size/MD5 checksum: 216922 d11c3c10e70fb1593ce15c2b6c3863be Big endian MIPS architecture: http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_mips.deb Size/MD5 checksum: 252064 6b944b4c04f4488ea380063bdf3324ad Little endian MIPS architecture: http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_mipsel.deb Size/MD5 checksum: 250914 87afee172cf73ed91ad0449fadd9bb4b PowerPC architecture: http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_powerpc.deb Size/MD5 checksum: 243450 9c77e9860e1044bc4c7b9a7b054e8a4d IBM S/390 architecture: http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_s390.deb Size/MD5 checksum: 232784 96242f88c593319e0d3fddef928c47d2 Sun Sparc architecture: http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_sparc.deb Size/MD5 checksum: 237798 e5091427da6e76dbb9bb34cf03e94647 These files will probably be moved into the stable distribution on its next revision. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9rX7QW5ql+IAeqTIRAl1SAJ9zrIG8/ejNUdP3XbXO3pqjqWO9iQCgoU5h 4FWVpDFC9IT+aMv1KpZRNmc= =wuLa -----END PGP SIGNATURE----- |
|
This topic does not have any threads posted yet!
You cannot post until you login.